User`s manual
NPort S8000 Series Switch Featured Functions
6-44
failure to the authenticator if the Local User Database is used. The authenticator sends an “EAP-Failure”
frame to the supplicant.
3. The RADIUS server sends a “RADIUS Access-Challenge,” which contains an “EAP Request” with an
authentication type to the authenticator to ask for the password from the client. RFC 2284 defines several
EAP authentication types, such as “MD5-Challenge,” “One-Time Password,” and “Generic Token Card.”
Currently, only “MD5-Challenge” is supported. If the Local User Database is used, this step is skipped.
4. The authenticator sends an “EAP Request/MD5-Challenge” frame to the supplicant. If the RADIUS server is
used, the “EAP Request/MD5-Challenge” frame is retrieved directly from the “RADIUS Access-Challenge”
frame.
5. The supplicant responds to the “EAP Request/MD5-Challenge” by sending an “EAP
Response/MD5-Challenge” frame that encapsulates the user’s password using the MD5 hash algorithm.
6. If the RADIUS server is used as the authentication server, the authenticator relays the “EAP
Response/MD5-Challenge” frame from the supplicant by encapsulating it into a “RADIUS Access-Request”
frame along with a “Shared Secret,” which must be the same within the authenticator and the RADIUS
server, and sends the frame to the RADIUS server. The RADIUS server checks against the password with its
database, and replies with “RADIUS Access-Accept” or “RADIUS Access-Reject” to the authenticator. If the
Local User Database is used, the password is checked against its database and indicates success or failure
to the authenticator.
7. The authenticator sends “EAP Success” or “EAP Failure” based on the reply from the authentication server.
Configuring Static Port Lock
The NPort S8000 supports adding unicast groups manually if required.
Setting Description Factory Default
MAC Address Add the static unicast MAC address into the address table. None
Port Fix the static address with a dedicated port. 1